Xerox: Security Vulnerabilities
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-03-07
The default configurations for DocuTech 6110 and DocuTech 6115 have a default administrative password of (1) "service!" on Solaris 8.0 or (2) "administ" on Windows NT, which allows remote attackers to gain privileges.
CVSS Score
7.5
EPSS Score
0.012
Published
2002-12-31
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 allows remote attackers to connect to the web server and (1) submit print jobs directly into the "print now" queue or (2) read the scanner job history.
CVSS Score
6.4
EPSS Score
0.003
Published
2002-12-31
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 running Solaris 8.0 has a large number of unnecessary services enabled such as RPC and sprayd, which could allow remote attackers to obtain access to the device.
CVSS Score
7.5
EPSS Score
0.007
Published
2002-12-31
The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exports certain NFS shares to the world with world writable permissions, which may allow remote attackers to modify sensitive files.
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
CVSS Score
5.0
EPSS Score
0.008
Published
2001-08-09
HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters.
CVSS Score
5.0
EPSS Score
0.007
Published
1999-10-13
Page 11